Sunday, December 22, 2013

Generally, this error is caused because of a mismatch between a provisioning profile and a private key. It can also be that you even do not own a private key that makes your identity identified to the provisioning profile which are you working with.

First Resolution
Double-check that the profile that you have got from Apple Developer Program is the correct one that you are supposed to have. Sometimes organizations have multiple profiles for each team and although you have a correct private key, you own the wrong provisioning profile.

Second Resolution
You do not own the private key of the provisioning profile and/or identity that you are using. You need to own a private key file with .p12 extension in order for your identity to be validated. Whoever have created your identity (in case you work in a team of developers, it could be someone else), has it on his/her machine when he has created the profile and/or identity. you need to get this key from that person or reissue a new private key (which takes some time) in order to resolve the issue.

Saturday, December 21, 2013

A Brief Preface: I recently realized that the documentation for signing your Mac OSX applications with codesign is distributed across many documents which is extremely hard to find (You can find those documents in the "more to read" section of this post). Also, in the documentation it has been assumed that you will sign your code with XCode which is not always the case. As you may know, XCode is mainly used for development with Objective C for MacOSX and iPhone but a lot of Mac OSX applications are written in C/C++ and Java which XCode does not support any feature for those project types and makes the signing process extremely hard.

NOTE: If you have not registered in Apple's Developer Program, you need to do so before you can sign your code.

2. Under Developer Program Resources, click on Certificates, Identifiers and Profiles. Under Mac Apps Click on Certificates. Then go to your certificate and then Click on Download. Now you have downloaded the Certificate.

3. Find the certificate file that you downloaded, and run it. Keychain Access program will be opened by default and will put your Certificate under login keychains and certificates category:

4. Download your private key from the Apple's website: In the downloaded folder you will find a key file with .p12 extension which is Mac’s public key (PKCS12) format. Again, open the file and automatically it will be attached to the certificate you just downloaded.

Check whether it is already there as you expect it.

5. Next Step is to get Developer’s ID. Right click on the certificate of Mac developer profile which you want the code to be signed with and click on “Get info”. On the new windows, scroll down and get the SHA1 fingerprint of the certificate:

Remove the white-spaces and put it under $DEVELOPER_ID in your sign command or if you have one, in your build script. Also, you need to add the requirement for signing. Read about it on Mac Developer Documentation: Apple's Codesign Requirement Specification

Remark: One example of requirements can be of following (This example uses Mozilla's XULWrapper platform):